In CA APM 10.x what is the significance of the new SSL connector property "certAlias" in the Jetty web server config file for the EM Web Server (em-jetty-config.xml) i.e. <Set name="certAlias">wily</Set> (10.0-> 10.5)<Set name="certAlias">caapm</Set> (10.7)

Environment:

APM 10.x

Answer:

Pre-APM 10.0 only the fixed name of 'wily' was supported for the Private Key alias stored in the EM_HOME/config/internal/server/keystore file so this a new property which enables the user to use their own alias when loading their Private Key.

The default EM_HOME/config/internal/server/keystore file provided with the EM install contains a Private Key with the default alias of 'wily' (versions 10.0-> 10.5) or 'caapm' (version 10.7). So the user has 2 choices:

EITHER:

Delete the 'wily' or 'caapm' alias from the keystore file.

Load own Private Key/Certificate pair into the keystore with the same 'wily' or 'caapm' alias.

Leave the Jetty web server config file unchanged

OR:

Load own Private Key/Certificate pair into the keystore with new alias 'myalias'

It is only supported to have 1 "certAlias" property in either jetty web server config file. Multiple entries for that property will not cause an error on startup but only the value from the last "certAlias" property entry will be used.

Some useful commands:

The following example commands are assumed to be run from directory EM_HOME/config/internal/server

For the default keystore provided with the EM install the password is "password"

The keytool executable is found in the Java Runtime Environment directory e.g. EM_HOME/jre/bin.

For further information on keytool options & parameters see Oracle Java documentation e.g.